[nycphp-talk] securityfocus 295, includes php problem

Daniel Convissor danielc at analysisandsolutions.com
Sun Apr 10 21:44:13 EDT 2005


SecurityFocus Newsletter #295

PHP
---
PHP JPEG and IFF image Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/12962
http://www.securityfocus.com/bid/12963

This impacts the getimagesize() function in versions of PHP prior to
4.3.11 and 5.0.4.

PHP's developers were notified of the issue on 2005-02-23 and the fixes
were committed to ext/standard/image.c on 2005-02-24.


APPLICATIONS USING PHP
----------------------
ESMI PayPal Storefront SQL Injection Vulnerability
http://www.securityfocus.com/bid/12903

ESMI PayPal Storefront Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/12904

Nuke Bookmarks Marks.php Path Disclosure Vulnerability
http://www.securityfocus.com/bid/12906

Nuke Bookmarks Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/12907

Nuke Bookmarks Marks.php SQL Injection Vulnerability
http://www.securityfocus.com/bid/12908

MagicScripts E-Store Kit-2 PayPal Edition Cross-Site Scripti...
http://www.securityfocus.com/bid/12909

MagicScripts E-Store Kit-2 PayPal Edition Remote File Includ...
http://www.securityfocus.com/bid/12910

PHPCoin Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/12917

PhotoPost Pro Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/12920

EncapsBB File Include Vulnerability
http://www.securityfocus.com/bid/12933

Smarty Template Engine Remote PHP Script Execution Vulnerability
http://www.securityfocus.com/bid/12941

Horde Application Framework Parent Page Title Cross-Site Scr...
http://www.securityfocus.com/bid/12943

AlstraSoft EPay Pro Remote File Include Vulnerability
http://www.securityfocus.com/bid/12973

PAFileDB ID Parameter Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/12952

InterAKT Online MX Shop SQL Injection Vulnerability
http://www.securityfocus.com/bid/12957

Lighthouse Development Squirrelcart SQL Injection Vulnerability
http://www.securityfocus.com/bid/12944

WackoWiki Unspecified Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/12939

Chatness Message Form Field HTML Injection Vulnerability
http://www.securityfocus.com/bid/12929

CPG Dragonfly Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/12930

Tkai's Shoutbox Query Parameter URI Redirection Vulnerability
http://www.securityfocus.com/bid/12914

EXoops Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/12915

Valdersoft Shopping Cart Multiple Input Validation Vulnerability
http://www.securityfocus.com/bid/12916

-- 
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
            data intensive web and database programming
                http://www.AnalysisAndSolutions.com/
 4015 7th Ave #4, Brooklyn NY 11232  v: 718-854-0335 f: 718-854-0409


